encrypt authentication credentials with payload in the clear?
Nick Lange
nicklange at wi.rr.com
Thu Mar 6 14:23:15 EST 2003
Afternoon everyone,
If everyone is entirely concerned about innocuous commands comming over the ssh session to the shell account, why
not just analyze the shell logs for analysis there?
Tap the destination, not the transit.
[OT, beware]
My solution I had been playing with per an article in sysadmin was logging each individual session to a "log" directory
broken down by time date etc. You could go one step farther than this however, and mod their favorite shell to flush
it's output to a named pipe for analysis by your IDS of choice. [I would go that extra step and modify their shell not
autoflush so that if they kill -9 their shell you don't lose the session log (bash)].
the data is still protected in transit to the box, and their admin's can still "sniff" the user's traffic for analysis
of bad things.
*shrug*, I guess this is an admin philosophy thing. Being in the named below industry, I've also had this discussion
before. It usually takes planting the idea in peoples heads and letting it simmer for a while until it makes sense to
them; albeit, some poeople refuse to see the pitfalls of cleartext traffic even after being fully informed.
Good luck,
nick
Loomis, Rip wrote:
>>I can't help but feel like if you want to watch the traffic
>>of people's ssh session then you are already hacked.
>
>
> In some realms, particularly financial institutions, there's
> a requirement that all network traffic in/out of corporate
> "desktop type" networks must be collected -- so that the
> institution can prove what it knew when. Think "insider trading"
> as well as proprietary data.
>
> However, most of those organizations don't use SSH in or outbound.
> In my experience the folks with those sorts of requirements who
> outsource some of their server/network operations or monitoring
> provide a separate dedicated network connection for the
> outsourcing folks, or use a "basin" as Ben already mentioned
> (although I've heard it called other things).
>
> If SSH did support a mode where authentication information was
> encrypted but terminal sessions were not, it would satisfy a
> real world requirement IMHO. What's not clear, though, is whether
> that requirement is worth satisfying in the "stock" portable
> OpenSSH.
>
>
>>I feel like sending traffic cleartext is just a bad idea accross the
>>board. What if someone su's or logs into other systems or exposes
>>database account credentials to something containing personal info
>>and/or credit card numbers from those cleartext ssh sessions?!?
>
>
> That's a valid concern--as I said, though, the places that want
> this sort of functionality generally have a good reason (either
> legal, or based on a full-up risk and threat assessment) why they
> want to collect it. It might seem strange, but it does happen.
>
> --
> Rip Loomis
> Senior Systems Security Engineer, SAIC Enterprise Security Solutions
> Brainbench MVP for Internet Security | http://www.brainbench.com
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list